Citing Congressional requests and pending legislative changes, the Federal Trade Commission (FTC) again delayed the enforcement date for their "Red Flags" Rules. Originally, enforcement was to begin next week, on June 1, 2010, but has been delayed through December 31, 2010.

In its release on the subject, Commission Chief Jon Leibowitz urged Congress to act quickly in passing legislation that limits the scope of the Rules, which are designed to require "creditors" and "financial institutions" to address the risk of identity theft. "Congress needs to fix the unintended consequences of the legislation establishing the 'Red Flags' Rules -- and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift," said Leibowitz. "As an agency we're charged with enforcing the law, and endless extensions delay enforcement."

BREAKING: FTC Delays "Red Flags" Rules Until June 2010

on 30 October 2009.

The U.S. Federal Trade Commission posted this statement on their website near the end of the day on Friday, October 30:

"At the request of Members of Congress, the Federal Trade Commission is delaying enforcement of the â€śRed Flagsâ€ť Rule until June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC.

The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring â€ścreditorsâ€ť and â€śfinancial institutionsâ€ť to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have â€ścovered accountsâ€ť to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities â€“ known as â€śred flagsâ€ť â€“ that could indicate identity theft.

House Passes Bill Exempting Select Firms from â€śRed Flagsâ€ť Rule

on 23 October 2009.

The House of Representatives recently passed a bill that exempts certain firms from the Federal Trade Commission's "Red Flags" Rules.

Passing unanimously in a 400-0 vote, H.R. 3763 amends the Fair Credit Reporting Act (FCRA) to exclude certain businesses from the "Red Flags" guidelines. Specifically the legislation exempts any health care, accounting or legal practice with 20 or fewer employees from the meaning of creditor used in the FCRA and thus the "Red Flags" guidelines. Additionally, the act excludes any other business that the FTC determines "(1) knows all of its customers or clients individually; (2) only performs services in or around the residences of its customers; or (3) has not experienced incidents of identity theft, and identity theft is rare for businesses of that type."

Eye on the Hill: FTC Delays Enforcement of "Red Flags" Rules Until November 1

on 29 July 2009.

Today, the Federal Trade Commission (FTC) announced that it would further delay enforcement of the â€śRed Flagsâ€ť Rules by another three months, from August 1 to November 1, 2009. The commission also announced that it would redouble its efforts to educate small businesses and other entities about complying with the Rules and work to ease compliance by offering additional resources and guidance to clarify whether businesses are covered and what they must do to comply.

Eye on the Hill: NACM Meets With FTC on "Red Flags" Future

on 21 July 2009.

The August 1, 2009 deadline for mandatory compliance with the Federal Trade Commission's (FTC) "Red Flags" Rules is just over the horizon. By that date, companies must have a written and senior management-approved program in place to detect, mitigate and respond to instances of identity theft. Business-to-business and trade creditors fall under the definition of "creditor" used in the regulation, though they may not have to comply with the rule if they do not have accounts that have a "reasonably foreseeable risk" of identity theft.